From 3017a405afe6fade2cb9845bb905b39741654ae8 Mon Sep 17 00:00:00 2001
From: ReenigneArcher <42013603+ReenigneArcher@users.noreply.github.com>
Date: Sat, 12 Aug 2023 15:53:45 -0400
Subject: [PATCH] ci(codeql): detect cpp and charp (#1526)
---
.codeql-prebuild-cpp.sh | 54 ++++++++++++++++++++++++++++++++++++
.github/workflows/codeql.yml | 17 ++++++++++--
2 files changed, 69 insertions(+), 2 deletions(-)
create mode 100644 .codeql-prebuild-cpp.sh
diff --git a/.codeql-prebuild-cpp.sh b/.codeql-prebuild-cpp.sh
new file mode 100644
index 00000000..b4461a20
--- /dev/null
+++ b/.codeql-prebuild-cpp.sh
@@ -0,0 +1,54 @@
+# install dependencies for C++ analysis
+
+sudo apt-get update -y
+sudo apt-get install -y \
+ build-essential \
+ gcc-10 \
+ g++-10 \
+ libappindicator3-dev \
+ libavdevice-dev \
+ libboost-filesystem-dev \
+ libboost-locale-dev \
+ libboost-log-dev \
+ libboost-program-options-dev \
+ libcap-dev \
+ libcurl4-openssl-dev \
+ libdrm-dev \
+ libevdev-dev \
+ libmfx-dev \
+ libnuma-dev \
+ libopus-dev \
+ libpulse-dev \
+ libssl-dev \
+ libva-dev \
+ libvdpau-dev \
+ libwayland-dev \
+ libx11-dev \
+ libxcb-shm0-dev \
+ libxcb-xfixes0-dev \
+ libxcb1-dev \
+ libxfixes-dev \
+ libxrandr-dev \
+ libxtst-dev \
+ wget
+
+# clean apt cache
+sudo apt-get clean
+sudo rm -rf /var/lib/apt/lists/*
+
+# Update gcc alias
+# https://stackoverflow.com/a/70653945/11214013
+sudo update-alternatives --install \
+ /usr/bin/gcc gcc /usr/bin/gcc-10 100 \
+ --slave /usr/bin/g++ g++ /usr/bin/g++-10 \
+ --slave /usr/bin/gcov gcov /usr/bin/gcov-10 \
+ --slave /usr/bin/gcc-ar gcc-ar /usr/bin/gcc-ar-10 \
+ --slave /usr/bin/gcc-ranlib gcc-ranlib /usr/bin/gcc-ranlib-10
+
+# Install CUDA
+sudo wget \
+ https://developer.download.nvidia.com/compute/cuda/11.8.0/local_installers/cuda_11.8.0_520.61.05_linux.run \
+ --progress=bar:force:noscroll -q --show-progress -O /root/cuda.run
+sudo chmod a+x /root/cuda.run
+sudo /root/cuda.run --silent --toolkit --toolkitpath=/usr --no-opengl-libs --no-man-page --no-drm
+sudo rm /root/cuda.run
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 7cfd62a7..25669d8f 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -35,6 +35,8 @@ jobs:
const supported_languages = ['cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift']
const remap_languages = {
+ 'c++': 'cpp',
+ 'c#': 'csharp',
'kotlin': 'java',
'typescript': 'javascript',
}
@@ -45,7 +47,7 @@ jobs:
"include": []
}
- for (const [key, value] of Object.entries(response.data)) {
+ for (let [key, value] of Object.entries(response.data)) {
// remap language
if (remap_languages[key.toLowerCase()]) {
console.log(`Remapping language: ${key} to ${remap_languages[key.toLowerCase()]}`)
@@ -95,6 +97,8 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v3
+ with:
+ submodules: recursive
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
@@ -109,8 +113,17 @@ jobs:
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
+ # Pre autobuild
+ # create a file named .codeql-prebuild-${{ matrix.language }}.sh in the root of your repository
+ - name: Prebuild
+ run: |
+ # check if .qodeql-prebuild-${{ matrix.language }}.sh exists
+ if [ -f "./.codeql-prebuild-${{ matrix.language }}.sh" ]; then
+ echo "Running .codeql-prebuild-${{ matrix.language }}.sh"
+ ./.codeql-prebuild-${{ matrix.language }}.sh
+ fi
+
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
- # TODO: If this step fails, then we need to create a method to build the project using an automated method.
- name: Autobuild
uses: github/codeql-action/autobuild@v2